EUVD-2022-45980

ID: EUVD-2022-45980

Severity: high

CVSS v4: Not provided

CVSS v3: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)

CWE: None listed

Source: ENISA

Description

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.

Timestamps

Normalized: 2025-12-31T11:32:26Z UTC
Last updated: 2025-12-31T11:30:42Z UTC

References

No references provided.

VulnAI

EUVD-2022-45980

Description

Timestamps

References